[strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips
Scot Hutchinson
shutchinson at oceusnetworks.com
Thu Apr 4 17:00:28 CEST 2013
I rebuilt strongswan with the CFLAGS you suggested and that resolved the issue we were seeing.
Thanks.
Scot
________________________________________
From: Tobias Brunner [tobias at strongswan.org]
Sent: Tuesday, April 02, 2013 11:50 AM
To: Scot Hutchinson
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips
Hi Scot,
> Apr 2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied dependency: PUBKEY:ECDSA
It seems the openssl plugin was not built with ECDSA support. Which is
strange if you used ipsec pki on the same host to create the ECDSA keys
and certificates. The openssl plugin uses openssl/conf.h to detect
which features the OpenSSL library was built with. Did you perhaps
build strongSwan before you reconfigured OpenSSL with ECC support? Or
are perhaps the wrong OpenSSL header files used by strongSwan? If so,
you might want to try adding -I/path/to/proper/openssl/headers to the
strongSwan CFLAGS.
Regards,
Tobias
More information about the Users
mailing list